EP1901192A1 - Mobile application registration - Google Patents
Mobile application registration Download PDFInfo
- Publication number
- EP1901192A1 EP1901192A1 EP20060254775 EP06254775A EP1901192A1 EP 1901192 A1 EP1901192 A1 EP 1901192A1 EP 20060254775 EP20060254775 EP 20060254775 EP 06254775 A EP06254775 A EP 06254775A EP 1901192 A1 EP1901192 A1 EP 1901192A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- application
- message
- mobile terminal
- application server
- unique identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
- 238000000034 method Methods 0.000 claims abstract description 50
- 230000008569 process Effects 0.000 description 18
- 238000010586 diagram Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/065—Continuous authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
- H04W12/48—Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q2220/00—Business processing using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q2220/00—Business processing using cryptography
- G06Q2220/10—Usage protection of distributed data files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q2220/00—Business processing using cryptography
- G06Q2220/10—Usage protection of distributed data files
- G06Q2220/18—Licensing
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
Definitions
- This invention relates to a method of registering an application on a mobile device with a service provider, in particular a method of registering an application on a mobile device with an application server in a secure manner.
- Mobile phones today have the capability of many different applications over that of simply making and receiving telephone phone calls. Some have calendar functions, music players and games, whilst many have applications that can utilise the mobile phone's ability to connect to the internet using an internet browser, such as instant messaging and download services. These applications may be preloaded onto the phone or downloaded using various techniques.
- the download methods so-called “over-the-air” methods, include the well-known WAP-push technique, which allows content and applications to be pushed to a mobile device by providing an encoded SMS message to the device which includes a link to a WAP address for downloading the application.
- the registration process usually involves setting up of sign-on details, such as usernames and passwords, and providing payment details if the service requires it. This is used to authenticate the user before a service is provided and helps control other functions such as billing. This is particularly important with applications that are provided by a third party over the internet where authentication and billing are critical.
- users might be asked before they download an application via a web site to pay for the application first and to enter the device serial number (IMEI). This method is most often used by application vendors to tie an application to a particular mobile phone. However, in these cases when the user changes mobile phone, the application has to be downloaded again.
- IMEI device serial number
- the third party/vendor will not automatically have access to the user's details that will have been provided to the user's home mobile network, specifically in the home location register. This means that this separate registration process is required, and is typical in most third party provided applications and services, such as music downloads and instant messaging.
- the unique identifier is a universal unique identifier (UUID).
- UUID universal unique identifier
- the first message originates from the mobile terminal, and may be sent via the mobile network.
- the telephone number may be the MSISDN associated with the mobile terminal, which is provided in the first message by the mobile network.
- the telephone number may be used by the mobile network to route the second message to the mobile terminal, and the telephone number in the first message is provided by the mobile network.
- the method may further comprise checking if the subscriber identity stored in the data block is the same as the subscriber identity obtained from the identity module, and checking the terminal identifier stored in the data block against the terminal identifier obtained from the mobile terminal.
- Steps a) to d) may be repeated if either of the checks in step e) fail.
- the application on the mobile terminal may be set to terminate if either of the checks in step e) fail.
- the application may use the unique identifier to identify the mobile terminal and the identity module to the application server. This can be done by sending the unique identifier to the application server, which can then be verified.
- the first and second messages are both short message service messages.
- a system for registering an application on a mobile terminal in a mobile network comprising an application server, said mobile terminal comprising an identity module, and wherein the application server is adapted for receiving a first message for registering the application, said first message comprising a telephone number associated with the identity module, for generating a unique identifier and associating the unique identifier with the telephone number, and for sending a second message to the mobile terminal, said second message comprising the unique identifier; the mobile device is adapted for generating and storing a data block comprising the unique identifier, a subscriber identity associated with the identity module and a terminal identifier associated with the mobile terminal.
- the present invention allows applications registered to a specific mobile device and/or SIM card in the mobile device to be identified. This is very important not only from an authentication and security perspective, but it also allows third parties to lock an application so that it only works with a designated phone number/SIM card. It can do this without having to send any requests to the mobile device's home mobile network, other than those of standard SMS messages. Compare this with known methods for authentication of users by third party application servers/vendors which send requests to the home location register of the home mobile network.
- the use of a unique identifier associated with the device means that the user never has to send the devices IMSI over the air, which may compromise security.
- the locking of services allows a third party to offer paid-for services to customers of any mobile operator based upon an application which maybe installed on the handset independently of either the mobile phone vendor or the mobile network operator.
- an internet connection which is typically a GPRS connection in most mobile networks
- the cost to the user is based on the amount of data transferred. This cost is typically quite reasonable per unit of data transferred using GPRS when used to transfer SMS type messages for example.
- each txt can cost as little as 0.3p for the mobile network charge, with an additional charge by the third party service provider on top, which is a a factor of 10 cheaper than the standard mobile network charge for sending a standard SMS message.
- the third party vendor is not a mobile network operator or virtual mobile network operator, this technique allows the vendor to offer paid-for services to a user where they only know the mobile phone number and do not already having a billing relationship with the user like mobile network operators do.
- a registration process that automatically creates a user account for an application on a mobile phone.
- the registration process generates a unique user identifier, which is transmitted to the mobile phone and is used for subsequent authentication of the user with an application server.
- the process prevents the application from being used when a different SIM card is introduced into the phone, even if the application on the phone has already been successfully registered.
- Figure 1 illustrates a network 100 comprising a user equipment 102, such as a mobile phone, a mobile network 112, an SMS gateway 116 and an application server 120.
- the user equipment 102 can communicate with the mobile network 112 over communications link 110, which is a radio link in this example where the mobile network 112 is GSM, UMTS or similar cellular mobile network.
- communications link 110 is a radio link in this example where the mobile network 112 is GSM, UMTS or similar cellular mobile network.
- individual components of the mobile network 112, such as base stations and gateways have been omitted.
- the mobile network 112 is the home mobile network associated with the SIM 106 and user equipment 102.
- the user equipment 102 includes a processor 104, which is used to control the operation of the device.
- the user equipment 102 also contains a data store 108, which can be used to store data such as phone numbers, photos and videos, as well as applications that can be run by the processor 104.
- the subscriber identity module (SIM) 106 in the user equipment 102 holds subscriber information, such as the international mobile subscriber identity (IMSI) which uniquely identifies the subscriber/user to the network.
- IMSI international mobile subscriber identity
- the user equipment 102 also has an associated international mobile equipment identity (IMEI), which is akin to a serial number for the device.
- IMEI international mobile equipment identity
- the mobile network 112 can communicate with the SMS gateway 116 over a fixed network connection 114. Similarly, the mobile network 112 can communicate with the application server 120 over a fixed network connection 122. The SMS gateway 116 and the application server 120 can also communicate with each other over a fixed network connection 118.
- the SMS gateway 116 is operated by a third party and is able to receive and send SMS messages to the mobile network 112.
- the SMS gateway 116 effectively acts as an aggregator for SMS messages to and from the mobile network 112 (illustrated) and other mobile networks (not illustrated).
- the mobile network 112 includes an SMS centre (SMSC), which is the interface between the SMS gateway 116 and the mobile network 112. Communications between the user equipment 102 and the mobile network 112 and within the mobile network 112 are inherently secure due to the security requirements under the GSM standards.
- SMS centre SMS centre
- the application server 120 is also operated by a third party, which may or may not be the same as the operator of the SMS gateway 116, and can provide applications and services to the user equipment.
- the application server 120 can provide applications and services that can be downloaded by the user equipment 102, such as games, music and video download services. At least some of these applications require the user to download an application onto the user equipment 102 first and register that application before subsequent use of it.
- the user equipment 102 already has an application stored in its memory 108.
- the application is a music download application, but could be any other application stored on the user equipment 102.
- the application can be provided in a number of different ways such as by downloading by the user or it can be preloaded on the device.
- One method of downloading the application is by texting a short code (a form of SMS message) from the user equipment 102 to a third party for the chosen service. This is received by the mobile network 112, which routes it to the relevant SMS gateway 120 for processing.
- the SMS gateway 120 processes the message and sends a WAP push message back to the user equipment 102.
- the WAP push message starts the web browser on the user equipment 102 directing the user to the application server 124 for downloading the application.
- the user has to register the application with the application server 120.
- the user first confirms various terms and conditions upon starting up the application for the first time.
- the application then generates a formatted SMS message containing details associated with the application or service being registered.
- the details may for example contain text to indicate that this is a first registration and an identifier for the application, version number etc.
- the SMS message is sent by the user equipment 102 to a short code number or similar number corresponding to the application server 124.
- the SMS message is first transmitted to the mobile network 112 by the user equipment 102 in step 202a.
- the mobile network 112 identifies the originator, the user equipment 102, of the SMS registration message and forwards the SMS message onto the SMS gateway 120 in step 202b.
- the SMS message forwarded specifically by an SMSC (not shown) in the mobile network 112, now includes the telephone number associated with the user equipment 102. This telephone number is more commonly referred to as the mobile subscriber ISDN (MSISDN) number.
- MSISDN mobile subscriber ISDN
- the MSISDN is added to the SMS message before it is forwarded to the application server 120 via the SMS gateway 116 in steps 202b and 202c.
- the SMS message is first received by the SMS gateway 116 associated with the application server 120.
- the SMS gateway 116 is connected to the application server 120 through communications link 118, which may be an IP connection for example.
- the application server 120 receives the SMS message and stores the message content, including the MSISDN of the user equipment 102, in a customer profile database in step 204.
- the application server 120 then generates a unique user identifier that is associated with the stored MSISDN in step 206.
- the Universally Unique Identifier (UUID) format is used, through other similarly unique identifiers may be used.
- UUID Universally Unique Identifier
- the application server 120 may then encrypt the UUID using a strong encryption method. For example, a unique key may be used to encrypt the UUID into a text block, where the key is composed of hashing the MSISDN with a pseudo random generated number.
- the text block may be 160 characters in length to match the size of an SMS message, though could be more than 160 characters.
- step 210a the text block is sent as an SMS message back to the user equipment 102 by the application server 120 via the mobile network 112.
- the application server 120 uses the MSISDN obtained from the registration message to send the text block back to the user equipment 102.
- This step enables the originating user equipment 102 to be verified as being genuine and avoid the situation where the user sends a registration SMS message with a tampered MSISDN, IMSI or similar to deceive the system.
- the mobile network 112 will ensure that the response is directed to the correct user equipment 102 associated with the MSISDN.
- the user equipment 102 then decodes the received text block using the application to extract the information which may contain the UUID in step 212.
- the application remains running after the sending of the registration SMS in step 202a and waits for this return SMS from the application server 120.
- the application has a reverse algorithm for decoded the text block if it has been encoded.
- the application then stores the extracted UUID in a data block, which can be encrypted, in the memory 108 together the IMSI of the SIM 106 and the IMEI of the user equipment 102.
- the application includes an interface or similar that allows the application to interrogate the SIM 106 and the user equipment 102 for the IMSI and the IMEI respectively.
- the registration process is now complete and the application on the user equipment 102 can be used to access services provided by a third party from the application server 120 in step 214.
- These services will generally be accessed over a GPRS or similar data connection over the mobile network 112.
- These services may for example be a music download service from the application server 120.
- Figure 3 illustrates a message flow diagram of when a user next starts the application on his user equipment 102 to access services from the application server 120.
- the present invention performs an authentication sequence to ensure that neither the SIM or the user equipment 102 has changed since the initial registration. This may be due to the user moving the SIM 106 from an old device to a new device, or when the user equipment 102 stays the same, but a new SIM is inserted.
- step 300 the user starts the application on the user equipment 102, which verifies the data block stored in the memory 108. This is done by decrypting the data block and then checking the decrypted IMSI and IMEI with the IMSI and IMEI from the SIM 106 and the user equipment 102 respectively.
- the application can interrogate the SIM 106 and the user equipment 102 to obtain the IMSI and IMEI respectively. If the IMSI and IMEI are verified, then the application can assume that the UUID in the data block is valid and correct for the IMSI/IMEI combination as verified.
- the application can be set to delete the data block and either restart the registration process (from step 200) or close the application. This may occur for example if the SIM card 106 has been replaced in the user equipment 102 with that belonging to another user, resulting in a change of IMSI. If the IMSI has changed due to a new SIM card in the user equipment 102, then the application can be configured to allow the performance of the above registration process again to register the new SIM with the application server 120.
- the application may also be set to terminate in the case where the IMEI has changed. This might occur if the IMEI of the user equipment 102 has been tampered with, or where the data block on the user equipment 102 associated with the IMEI has been altered. This might be an indication of possible attempt of fraudulent use.
- step 302 the application causes the user equipment 102 to send a new registration SMS message of the same format and content as that sent in step 202.
- This SMS message which includes the MSISDN of the user equipment 102, is received by the application server 120.
- step 304 the application server 120 checks the customer profile database to see if the MSISDN has previously been registered. If the MSISDN already exists in the database, then the associated UUID is retrieved and encoded in step 306. Alternatively, if the MSISDN is not present in the database, or even if it is, a new UUID can be generated by the application server 120 and encoded in step 306 instead. Generation of a new UUID is preferable, especially during a registration or re-registration process as it ensures that the UUID is unique for a given combination of IMSI/IMEI.
- step 308 the encoded UUID is transmitted to the user equipment 102 identified by the MSISDN.
- step 310 the UUID is decoded and stored with the current IMSI and IMEI in a code block in the user equipment 102 as in corresponding step 212. Once the new code block has been generated and stored locally at the user equipment 120, services can start between the user equipment 102 and the application server 120.
- steps 304 and 306 may replace steps 204, 206 and 208, as the MSISDN received in the registration SMS will already exist in the customer profile database.
- the application may be set to terminate after a predetermined period of time. The application may then give the user an opportunity to retry registration.
- the application can also be adapted to send the UUID to the application server 120.
- One use for this is for handling and verifying payments.
- the UUID can be passed over a secure datalink, such as a suitable IP connection (e.g. https) over the mobile network 112, to the application server. This can then be used for making payments to an account without having to divulge MSISDN or other details such as IMSI and IMEI.
- the application can use the UUID to check, as and when required, whether the user has sufficient "credit" to pay for service before the application provides that service. This is important for services that require a regular subscription be paid up before the service is provided.
- the UUID can therefore act as a key for retrieving a customer record containing the relevant information.
- One important aspect of the invention is that it allows a service provider with no prior relationship with a user to secure an application to a mobile phone and IMSI using only APls associated with the phone and an SMS "handshake". This differs from the methods used by mobile network operators to achieve a similar aim.
- the SMS message can instead contain a URL and a "temporary" UUID.
- This "temporary" UUID may only be valid for a short period of time, and the URL points to a web page managed by the application server 120.
- the application on the user equipment 102 once it has received this alternative SMS message, can use a secure browser connection (e.g. an HTTPS connection) to access the URL and transfer the "temporary" UUID to the application server 120, which then checks that access is valid by checking the UUID transferred against that originally generated by the application server 120.
- a secure browser connection e.g. an HTTPS connection
- the application server 120 can return a data block over the secure connection containing authentication or configuration data, including a "permanent" UUID and a further URL which can be used by the application on the user equipment 102 to check if this new data block is valid in a subsequent check.
- the application can determine if the user's account is still valid. If it is, then the existing data block is returned to the application from the application server 120, and the service can continue. If the account is no longer valid, for example if a free trial period has expired or if a bill has not been paid, then a blank data block is returned which disables the service on the application.
- examples of the present invention utilise the inherently secure framework provided by the mobile network operator to provision a UUID that is associated with a user and his device.
- a UUID that is associated with a user and his device.
- it is the security of the SMS mechanism that ensures the security of this invention.
Abstract
A method of registering an application on a mobile terminal in a mobile network with an application server, said mobile terminal comprising an identity module, said method comprising the steps of: receiving at the application server a first message for registering the application, said first message comprising a telephone number associated with the identity module; generating by the application server a unique identifier and associating the unique identifier with the telephone number; sending a second message from the application server to the mobile terminal, said second message comprising the unique identifier; and generating and storing at the mobile terminal a data block comprising the unique identifier, a subscriber identity associated with the identity module and a terminal identifier associated with the mobile terminal.
Description
- This invention relates to a method of registering an application on a mobile device with a service provider, in particular a method of registering an application on a mobile device with an application server in a secure manner.
- Mobile phones today have the capability of many different applications over that of simply making and receiving telephone phone calls. Some have calendar functions, music players and games, whilst many have applications that can utilise the mobile phone's ability to connect to the internet using an internet browser, such as instant messaging and download services. These applications may be preloaded onto the phone or downloaded using various techniques. The download methods, so-called "over-the-air" methods, include the well-known WAP-push technique, which allows content and applications to be pushed to a mobile device by providing an encoded SMS message to the device which includes a link to a WAP address for downloading the application.
- Many of these applications, in particular those that access services over the internet, require registration before they can be used. The registration process usually involves setting up of sign-on details, such as usernames and passwords, and providing payment details if the service requires it. This is used to authenticate the user before a service is provided and helps control other functions such as billing. This is particularly important with applications that are provided by a third party over the internet where authentication and billing are critical. Alternatively, users might be asked before they download an application via a web site to pay for the application first and to enter the device serial number (IMEI). This method is most often used by application vendors to tie an application to a particular mobile phone. However, in these cases when the user changes mobile phone, the application has to be downloaded again.
- In third party provided applications and services, the third party/vendor will not automatically have access to the user's details that will have been provided to the user's home mobile network, specifically in the home location register. This means that this separate registration process is required, and is typical in most third party provided applications and services, such as music downloads and instant messaging.
- From an authentication perspective, it is important to avoid the situation where a user who has registered an application on his mobile device and subsequently loses that device, does not lose too much data associated with that device. If the registration process for an application is "weak", for example in a one-off registration process to activate an application prior to subsequent use, another user could simply insert their SIM card into the lost device and use the registered application at the expense of the genuine user. Even if the application is tied to the serial number of the mobile device, another user could still insert their SIM and use the application, as the device serial number remains unchanged.
- It is the aim of embodiments of the present invention to address one or more of the above-stated problems, thereby providing an improved and simplified method for registering an application on a mobile device.
- According to one aspect of the present invention, there is provided a method of registering an application on a mobile terminal in a mobile network with an application server, said mobile terminal comprising an identity module, said method comprising the steps of:
- a) receiving at the application server a first message for registering the application, said first message comprising a telephone number associated with the identity module;
- b) generating by the application server a unique identifier and associating the unique identifier with the telephone number;
- c) sending a second message from the application server to the mobile terminal, said second message comprising the unique identifier; and
- d) generating and storing at the mobile terminal a data block comprising the unique identifier, a subscriber identity associated with the identity module and a terminal identifier associated with the mobile terminal.
- Preferably, the unique identifier is a universal unique identifier (UUID). The first message originates from the mobile terminal, and may be sent via the mobile network. In such a situation, the telephone number may be the MSISDN associated with the mobile terminal, which is provided in the first message by the mobile network.
- The telephone number may be used by the mobile network to route the second message to the mobile terminal, and the telephone number in the first message is provided by the mobile network.
- The method may further comprise checking if the subscriber identity stored in the data block is the same as the subscriber identity obtained from the identity module, and checking the terminal identifier stored in the data block against the terminal identifier obtained from the mobile terminal.
- Steps a) to d) may be repeated if either of the checks in step e) fail. The application on the mobile terminal may be set to terminate if either of the checks in step e) fail.
- The application may use the unique identifier to identify the mobile terminal and the identity module to the application server. This can be done by sending the unique identifier to the application server, which can then be verified.
- Preferably, the first and second messages are both short message service messages.
- According to another embodiment of the present invention, there is provided a system for registering an application on a mobile terminal in a mobile network, said system comprising an application server, said mobile terminal comprising an identity module, and wherein
the application server is adapted for receiving a first message for registering the application, said first message comprising a telephone number associated with the identity module, for generating a unique identifier and associating the unique identifier with the telephone number, and for sending a second message to the mobile terminal, said second message comprising the unique identifier;
the mobile device is adapted for generating and storing a data block comprising the unique identifier, a subscriber identity associated with the identity module and a terminal identifier associated with the mobile terminal. - The present invention allows applications registered to a specific mobile device and/or SIM card in the mobile device to be identified. This is very important not only from an authentication and security perspective, but it also allows third parties to lock an application so that it only works with a designated phone number/SIM card. It can do this without having to send any requests to the mobile device's home mobile network, other than those of standard SMS messages. Compare this with known methods for authentication of users by third party application servers/vendors which send requests to the home location register of the home mobile network.
- Furthermore, the use of a unique identifier associated with the device, means that the user never has to send the devices IMSI over the air, which may compromise security.
- The locking of services allows a third party to offer paid-for services to customers of any mobile operator based upon an application which maybe installed on the handset independently of either the mobile phone vendor or the mobile network operator. As many services are provided over an internet connection, which is typically a GPRS connection in most mobile networks, the cost to the user is based on the amount of data transferred. This cost is typically quite reasonable per unit of data transferred using GPRS when used to transfer SMS type messages for example. In the UK, it is possible to send over 1000 SMS size messages using GPRS in 1 MB with a suitable application, and 1MB with most mobile network operators costs no more than £3-5. Thus each txt can cost as little as 0.3p for the mobile network charge, with an additional charge by the third party service provider on top, which is a a factor of 10 cheaper than the standard mobile network charge for sending a standard SMS message. And in the case where the third party vendor is not a mobile network operator or virtual mobile network operator, this technique allows the vendor to offer paid-for services to a user where they only know the mobile phone number and do not already having a billing relationship with the user like mobile network operators do.
- For a better understanding of the present invention reference will now be made by way of example only to the accompanying drawings, in which:
- Figure 1 is a network diagram in an example of the present invention;
- Figure 2 is a message flow diagram illustrating a registration process in an example of the present invention;
- Figure 3 is a message flow diagram illustrating a subsequent authentication process in an example of the present invention.
- The present invention is described herein with reference to particular examples. The invention is not, however, limited to such examples.
- In examples of the present invention, there is proposed a registration process that automatically creates a user account for an application on a mobile phone. The registration process generates a unique user identifier, which is transmitted to the mobile phone and is used for subsequent authentication of the user with an application server. As the user identifier is fixed to both the subscriber identity associated with the SIM card and the device used during registration, the process prevents the application from being used when a different SIM card is introduced into the phone, even if the application on the phone has already been successfully registered.
- Figure 1 illustrates a
network 100 comprising auser equipment 102, such as a mobile phone, amobile network 112, anSMS gateway 116 and anapplication server 120. Theuser equipment 102 can communicate with themobile network 112 overcommunications link 110, which is a radio link in this example where themobile network 112 is GSM, UMTS or similar cellular mobile network. For simplicity, individual components of themobile network 112, such as base stations and gateways, have been omitted. In this example, themobile network 112 is the home mobile network associated with theSIM 106 anduser equipment 102. - The
user equipment 102 includes aprocessor 104, which is used to control the operation of the device. Theuser equipment 102 also contains adata store 108, which can be used to store data such as phone numbers, photos and videos, as well as applications that can be run by theprocessor 104. The subscriber identity module (SIM) 106 in theuser equipment 102 holds subscriber information, such as the international mobile subscriber identity (IMSI) which uniquely identifies the subscriber/user to the network. Theuser equipment 102 also has an associated international mobile equipment identity (IMEI), which is akin to a serial number for the device. - The
mobile network 112 can communicate with theSMS gateway 116 over a fixednetwork connection 114. Similarly, themobile network 112 can communicate with theapplication server 120 over a fixednetwork connection 122. TheSMS gateway 116 and theapplication server 120 can also communicate with each other over a fixednetwork connection 118. - In this example, the
SMS gateway 116 is operated by a third party and is able to receive and send SMS messages to themobile network 112. TheSMS gateway 116 effectively acts as an aggregator for SMS messages to and from the mobile network 112 (illustrated) and other mobile networks (not illustrated). Whilst not illustrated in Figure 1, themobile network 112 includes an SMS centre (SMSC), which is the interface between theSMS gateway 116 and themobile network 112. Communications between theuser equipment 102 and themobile network 112 and within themobile network 112 are inherently secure due to the security requirements under the GSM standards. - The
application server 120 is also operated by a third party, which may or may not be the same as the operator of theSMS gateway 116, and can provide applications and services to the user equipment. For example, theapplication server 120 can provide applications and services that can be downloaded by theuser equipment 102, such as games, music and video download services. At least some of these applications require the user to download an application onto theuser equipment 102 first and register that application before subsequent use of it. - The specific operation of the elements in Figure 1 in process for registering an application on the
user equipment 102 will be described in more detail below with reference to the message flow diagram of Figure 2. References in Figure 2 to the elements found in Figure 1 are made using like reference numerals. - In
step 200, theuser equipment 102 already has an application stored in itsmemory 108. In this example, the application is a music download application, but could be any other application stored on theuser equipment 102. The application can be provided in a number of different ways such as by downloading by the user or it can be preloaded on the device. One method of downloading the application is by texting a short code (a form of SMS message) from theuser equipment 102 to a third party for the chosen service. This is received by themobile network 112, which routes it to therelevant SMS gateway 120 for processing. TheSMS gateway 120 processes the message and sends a WAP push message back to theuser equipment 102. The WAP push message starts the web browser on theuser equipment 102 directing the user to theapplication server 124 for downloading the application. - Once the application is downloaded and installed on the
user equipment 102, the user has to register the application with theapplication server 120. The user first confirms various terms and conditions upon starting up the application for the first time. The application then generates a formatted SMS message containing details associated with the application or service being registered. The details may for example contain text to indicate that this is a first registration and an identifier for the application, version number etc. The SMS message is sent by theuser equipment 102 to a short code number or similar number corresponding to theapplication server 124. The SMS message is first transmitted to themobile network 112 by theuser equipment 102 instep 202a. - The
mobile network 112 identifies the originator, theuser equipment 102, of the SMS registration message and forwards the SMS message onto theSMS gateway 120 instep 202b. The SMS message forwarded, specifically by an SMSC (not shown) in themobile network 112, now includes the telephone number associated with theuser equipment 102. This telephone number is more commonly referred to as the mobile subscriber ISDN (MSISDN) number. The MSISDN is added to the SMS message before it is forwarded to theapplication server 120 via theSMS gateway 116 insteps - The SMS message is first received by the
SMS gateway 116 associated with theapplication server 120. TheSMS gateway 116 is connected to theapplication server 120 through communications link 118, which may be an IP connection for example. - The
application server 120 receives the SMS message and stores the message content, including the MSISDN of theuser equipment 102, in a customer profile database instep 204. - The
application server 120 then generates a unique user identifier that is associated with the stored MSISDN instep 206. In one preferred embodiment, the Universally Unique Identifier (UUID) format is used, through other similarly unique identifiers may be used. The UUID specification is described in more detail in RFC 4122. - The
application server 120 may then encrypt the UUID using a strong encryption method. For example, a unique key may be used to encrypt the UUID into a text block, where the key is composed of hashing the MSISDN with a pseudo random generated number. The text block may be 160 characters in length to match the size of an SMS message, though could be more than 160 characters. - In
step 210a, the text block is sent as an SMS message back to theuser equipment 102 by theapplication server 120 via themobile network 112. Theapplication server 120 uses the MSISDN obtained from the registration message to send the text block back to theuser equipment 102. This step enables the originatinguser equipment 102 to be verified as being genuine and avoid the situation where the user sends a registration SMS message with a tampered MSISDN, IMSI or similar to deceive the system. By using the present method, themobile network 112 will ensure that the response is directed to thecorrect user equipment 102 associated with the MSISDN. - The
user equipment 102 then decodes the received text block using the application to extract the information which may contain the UUID instep 212. The application remains running after the sending of the registration SMS instep 202a and waits for this return SMS from theapplication server 120. The application has a reverse algorithm for decoded the text block if it has been encoded. The application then stores the extracted UUID in a data block, which can be encrypted, in thememory 108 together the IMSI of theSIM 106 and the IMEI of theuser equipment 102. The application includes an interface or similar that allows the application to interrogate theSIM 106 and theuser equipment 102 for the IMSI and the IMEI respectively. - The registration process is now complete and the application on the
user equipment 102 can be used to access services provided by a third party from theapplication server 120 instep 214. These services will generally be accessed over a GPRS or similar data connection over themobile network 112. These services may for example be a music download service from theapplication server 120. - Figure 3 illustrates a message flow diagram of when a user next starts the application on his
user equipment 102 to access services from theapplication server 120. The present invention performs an authentication sequence to ensure that neither the SIM or theuser equipment 102 has changed since the initial registration. This may be due to the user moving theSIM 106 from an old device to a new device, or when theuser equipment 102 stays the same, but a new SIM is inserted. - In
step 300, the user starts the application on theuser equipment 102, which verifies the data block stored in thememory 108. This is done by decrypting the data block and then checking the decrypted IMSI and IMEI with the IMSI and IMEI from theSIM 106 and theuser equipment 102 respectively. The application can interrogate theSIM 106 and theuser equipment 102 to obtain the IMSI and IMEI respectively. If the IMSI and IMEI are verified, then the application can assume that the UUID in the data block is valid and correct for the IMSI/IMEI combination as verified. - However, if the check fails, then the application can be set to delete the data block and either restart the registration process (from step 200) or close the application. This may occur for example if the
SIM card 106 has been replaced in theuser equipment 102 with that belonging to another user, resulting in a change of IMSI. If the IMSI has changed due to a new SIM card in theuser equipment 102, then the application can be configured to allow the performance of the above registration process again to register the new SIM with theapplication server 120. - The application may also be set to terminate in the case where the IMEI has changed. This might occur if the IMEI of the
user equipment 102 has been tampered with, or where the data block on theuser equipment 102 associated with the IMEI has been altered. This might be an indication of possible attempt of fraudulent use. - The remainder of Figure 3 shows the re-registration process that is initiated by the application when the check in
step 300 fails. - In step 302, the application causes the
user equipment 102 to send a new registration SMS message of the same format and content as that sent in step 202. This SMS message, which includes the MSISDN of theuser equipment 102, is received by theapplication server 120. Instep 304, theapplication server 120 checks the customer profile database to see if the MSISDN has previously been registered. If the MSISDN already exists in the database, then the associated UUID is retrieved and encoded instep 306. Alternatively, if the MSISDN is not present in the database, or even if it is, a new UUID can be generated by theapplication server 120 and encoded instep 306 instead. Generation of a new UUID is preferable, especially during a registration or re-registration process as it ensures that the UUID is unique for a given combination of IMSI/IMEI. - In step 308, the encoded UUID is transmitted to the
user equipment 102 identified by the MSISDN. Instep 310, the UUID is decoded and stored with the current IMSI and IMEI in a code block in theuser equipment 102 as in correspondingstep 212. Once the new code block has been generated and stored locally at theuser equipment 120, services can start between theuser equipment 102 and theapplication server 120. - If the user is using a new phone with an existing SIM card that has previously been registered with the application server, then steps 304 and 306 may replace
steps - Several additional features may be incorporated into the system. For example, if for some reason the application does not get an SMS back from the
application server 120 in the registration process (step 210 not effected), then the application may be set to terminate after a predetermined period of time. The application may then give the user an opportunity to retry registration. - Furthermore, the application can also be adapted to send the UUID to the
application server 120. One use for this is for handling and verifying payments. By associating user, specifically the MSISDN, to a UUID, all communications between theuser equipment 102 and the application following registration can make use of the UUID instead of the MSISDN. Thus, the UUID can be passed over a secure datalink, such as a suitable IP connection (e.g. https) over themobile network 112, to the application server. This can then be used for making payments to an account without having to divulge MSISDN or other details such as IMSI and IMEI. - Similarly, the application can use the UUID to check, as and when required, whether the user has sufficient "credit" to pay for service before the application provides that service. This is important for services that require a regular subscription be paid up before the service is provided. The UUID can therefore act as a key for retrieving a customer record containing the relevant information.
One important aspect of the invention is that it allows a service provider with no prior relationship with a user to secure an application to a mobile phone and IMSI using only APls associated with the phone and an SMS "handshake". This differs from the methods used by mobile network operators to achieve a similar aim. - In another aspect of the invention, instead of the
application server 120 sending the UUID to theuser equipment 102 in an SMS message, the SMS message can instead contain a URL and a "temporary" UUID. This "temporary" UUID may only be valid for a short period of time, and the URL points to a web page managed by theapplication server 120. - The application on the
user equipment 102, once it has received this alternative SMS message, can use a secure browser connection (e.g. an HTTPS connection) to access the URL and transfer the "temporary" UUID to theapplication server 120, which then checks that access is valid by checking the UUID transferred against that originally generated by theapplication server 120. - If the application server determines that the transferred UUID is the same as the UUID originally generated by the
application server 120, then theapplication server 120 can return a data block over the secure connection containing authentication or configuration data, including a "permanent" UUID and a further URL which can be used by the application on theuser equipment 102 to check if this new data block is valid in a subsequent check. By checking the UUID using the URL provided on a regular basis, the application can determine if the user's account is still valid. If it is, then the existing data block is returned to the application from theapplication server 120, and the service can continue. If the account is no longer valid, for example if a free trial period has expired or if a bill has not been paid, then a blank data block is returned which disables the service on the application. - In summary, examples of the present invention utilise the inherently secure framework provided by the mobile network operator to provision a UUID that is associated with a user and his device. In particular, it is the security of the SMS mechanism that ensures the security of this invention.
- Whilst the download of an application and subsequent registration are described with reference to the
same SMS gateway 116 andapplication server 120 as those used in subsequent provision of services, the examples are equally applicable to the use of separate gateways and servers for each process. - In general, it is noted herein that while the above describes examples of the invention, there are several variations and modifications which may be made to the described examples without departing from the scope of the present invention as defined in the appended claims. One skilled in the art will recognise modifications to the described examples.
Claims (11)
- A method of registering an application on a mobile terminal (102) in a mobile network (112) with an application server (120), said mobile terminal (102) comprising an identity module (106), said method comprising the steps of:a) receiving at the application server (120) a first message for registering the application, said first message comprising a telephone number associated with the identity module (106);b) generating by the application server (120) a unique identifier and associating the unique identifier with the telephone number;c) sending a second message from the application server (120) to the mobile terminal (102), said second message comprising the unique identifier; andd) generating and storing at the mobile terminal (102) a data block comprising the unique identifier, a subscriber identity associated with the identity module (106) and a terminal identifier associated with the mobile terminal (102).
- A method according to claim 1 comprising a further authentication step of:e) checking if the subscriber identity stored in the data block is the same as the subscriber identity obtained from the identity module (106) and checking the terminal identifier stored in the data block against the terminal identifier obtained from the mobile terminal (102).
- A method according to claim 2, wherein steps a) to d) are repeated if either of the checks in step e) fail.
- A method according to claim 2, wherein the application is terminated if either of the checks in step e) fail.
- A method according to claim 5, wherein the application uses the unique identifier to identify the mobile terminal (112) and the identity module (106) to the application server (120).
- A method according to any preceding claim, wherein the first and second messages are sent over the mobile network (112).
- A method according to claim 5, wherein the first and second messages are short message service messages.
- A method according to any preceding claim, wherein the telephone number is used by the mobile network (112) to route the second message to the mobile terminal (102), and the telephone number in the first message is provided by the mobile network (112).
- A method according to any preceding claim, wherein the first and second communications methods are secure communications methods.
- A method according to any preceding claim, wherein the first message originates from the mobile terminal (102).
- A system for registering an application on a mobile terminal (102) in a mobile network (112), said system comprising an application server (120), said mobile terminal (102) comprising an identity module (106), and wherein
the application server (120) is adapted for receiving a first message for registering the application, said first message comprising a telephone number associated with the identity module (106), for generating a unique identifier and associating the unique identifier with the telephone number, and for sending a second message to the mobile terminal (102), said second message comprising the unique identifier;
the mobile device (102) is adapted for generating and storing a data block comprising the unique identifier, a subscriber identity associated with the identity module (106) and a terminal identifier associated with the mobile terminal (102).
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20060254775 EP1901192A1 (en) | 2006-09-14 | 2006-09-14 | Mobile application registration |
PCT/GB2007/003005 WO2008032010A2 (en) | 2006-09-14 | 2007-08-08 | Mobile application registration |
US12/440,631 US9047444B2 (en) | 2006-09-14 | 2007-08-08 | Mobile application registration |
EP20070789139 EP2062457B1 (en) | 2006-09-14 | 2007-08-08 | Mobile application registration |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20060254775 EP1901192A1 (en) | 2006-09-14 | 2006-09-14 | Mobile application registration |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1901192A1 true EP1901192A1 (en) | 2008-03-19 |
Family
ID=37757151
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP20060254775 Ceased EP1901192A1 (en) | 2006-09-14 | 2006-09-14 | Mobile application registration |
EP20070789139 Active EP2062457B1 (en) | 2006-09-14 | 2007-08-08 | Mobile application registration |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP20070789139 Active EP2062457B1 (en) | 2006-09-14 | 2007-08-08 | Mobile application registration |
Country Status (3)
Country | Link |
---|---|
US (1) | US9047444B2 (en) |
EP (2) | EP1901192A1 (en) |
WO (1) | WO2008032010A2 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2465769A (en) * | 2008-11-27 | 2010-06-02 | Symbian Software Ltd | Method and apparatus relating to licenses necessary for the operation of a software application on a mobile terminal |
CN101895844A (en) * | 2010-07-15 | 2010-11-24 | 武汉天喻信息产业股份有限公司 | Method for application downloading and installation of communication intelligent card |
EP2308211A1 (en) * | 2008-06-25 | 2011-04-13 | Mobiclip | Method of authenticating a user of a service on a mobile terminal |
CN101646195B (en) * | 2009-09-03 | 2012-05-23 | 中兴通讯股份有限公司 | Method and device for detecting UMTS terminal |
CN104158977A (en) * | 2011-05-27 | 2014-11-19 | 尼尔森(美国)有限公司 | Methods, systems and apparatus to associate a mobile device with a panelist profile |
AP3366A (en) * | 2008-09-19 | 2015-07-31 | Knowledge Farm Investiments Cc | A method of communicating with a wireless device |
WO2016075407A1 (en) * | 2014-11-14 | 2016-05-19 | Oberthur Technologies | Euicc card storing short numbers by subscriber profile to notify a subscription management server |
WO2017217808A1 (en) * | 2016-06-16 | 2017-12-21 | 주식회사 하렉스인포텍 | Mobile authentication method and system therefor |
EP3495974B1 (en) * | 2011-03-30 | 2022-02-16 | Irdeto B.V. | Enabling a software application to be executed on a mobile station |
US11520864B2 (en) | 2006-06-02 | 2022-12-06 | The Nielsen Company (Us), Llc | Digital rights management systems and methods for audience measurement |
Families Citing this family (61)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7840968B1 (en) | 2003-12-17 | 2010-11-23 | Mcafee, Inc. | Method and system for containment of usage of language interfaces |
US7856661B1 (en) | 2005-07-14 | 2010-12-21 | Mcafee, Inc. | Classification of software on networked systems |
US7757269B1 (en) | 2006-02-02 | 2010-07-13 | Mcafee, Inc. | Enforcing alignment of approved changes and deployed changes in the software change life-cycle |
US7895573B1 (en) | 2006-03-27 | 2011-02-22 | Mcafee, Inc. | Execution environment file inventory |
US8332929B1 (en) | 2007-01-10 | 2012-12-11 | Mcafee, Inc. | Method and apparatus for process enforced configuration management |
US9424154B2 (en) | 2007-01-10 | 2016-08-23 | Mcafee, Inc. | Method of and system for computer system state checks |
US8838487B1 (en) * | 2008-04-16 | 2014-09-16 | Sprint Communications Company L.P. | Maintaining a common identifier for a user session on a communication network |
US8266307B2 (en) * | 2008-05-12 | 2012-09-11 | Nokia Corporation | Method, system, and apparatus for access of network services using subscriber identities |
US8200790B1 (en) * | 2009-07-13 | 2012-06-12 | Sprint Communications Company L.P. | Dynamically identifying client applications on mobile devices |
US20120190340A1 (en) * | 2009-09-08 | 2012-07-26 | Gemalto Sa | Method for binding secure device to a wireless phone |
US9112883B2 (en) * | 2009-11-12 | 2015-08-18 | Cellco Partnership | Method of registering a mobile station with a social networking site |
US8498895B2 (en) | 2010-07-19 | 2013-07-30 | Accenture Global Services Limited | Browser based user identification |
US8925101B2 (en) | 2010-07-28 | 2014-12-30 | Mcafee, Inc. | System and method for local protection against malicious software |
US8938800B2 (en) | 2010-07-28 | 2015-01-20 | Mcafee, Inc. | System and method for network level protection against malicious software |
US9172693B2 (en) * | 2010-11-11 | 2015-10-27 | Paypal, Inc. | Quick payment using mobile device binding |
US9112830B2 (en) * | 2011-02-23 | 2015-08-18 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
KR20120123210A (en) * | 2011-04-19 | 2012-11-08 | 삼성전자주식회사 | Method for controlling for providing storage space to application and terminal and server therefor |
US9331993B2 (en) * | 2011-06-16 | 2016-05-03 | Telefonaktiebolaget L M Ericsson (Publ) | Authentication server and communication device |
AU2012203903B2 (en) * | 2011-07-12 | 2015-03-12 | Apple Inc. | System and method for linking pre-installed software to a user account on an online store |
US20130019237A1 (en) * | 2011-07-12 | 2013-01-17 | Apple Inc. | System and method for linking pre-installed software to a user account on an online store |
US9319406B2 (en) | 2011-07-12 | 2016-04-19 | Apple Inc. | System and method for linking pre-installed software to a user account on an online store |
US9594881B2 (en) | 2011-09-09 | 2017-03-14 | Mcafee, Inc. | System and method for passive threat detection using virtual memory inspection |
US8666438B1 (en) * | 2011-09-22 | 2014-03-04 | Sprint Communications Company L.P. | Managing communications with a content provider |
US8800024B2 (en) | 2011-10-17 | 2014-08-05 | Mcafee, Inc. | System and method for host-initiated firewall discovery in a network environment |
US8713668B2 (en) | 2011-10-17 | 2014-04-29 | Mcafee, Inc. | System and method for redirected firewall discovery in a network environment |
US20140351138A1 (en) * | 2011-11-16 | 2014-11-27 | P97 Networks, Inc. | Payment System for Vehicle Fueling |
CN103167097B (en) * | 2011-12-15 | 2017-04-12 | 富泰华工业(深圳)有限公司 | Mobile phone with confidentiality function and confidentiality method thereof |
BR102012003114B1 (en) * | 2012-02-10 | 2021-06-22 | Mls Wirelles S/A. | method to enable user and method to authenticate user on a 3g traffic bypass wifi network |
US8876596B2 (en) | 2012-02-29 | 2014-11-04 | Igt | Virtualized magnetic player card |
US8739272B1 (en) | 2012-04-02 | 2014-05-27 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
CN102685701A (en) * | 2012-04-16 | 2012-09-19 | 中兴通讯股份有限公司 | Automatic name card holder storing method and system thereof |
US9412227B2 (en) | 2012-07-11 | 2016-08-09 | Igt | Method and apparatus for offering a mobile device version of an electronic gaming machine game at the electronic gaming machine |
WO2014027110A1 (en) * | 2012-08-16 | 2014-02-20 | Cargonis Gmbh | Authentication method and system |
US8973146B2 (en) | 2012-12-27 | 2015-03-03 | Mcafee, Inc. | Herd based scan avoidance system in a network environment |
US9116766B2 (en) * | 2013-07-31 | 2015-08-25 | Sap Se | Extensible applications using a mobile application framework |
US9578052B2 (en) | 2013-10-24 | 2017-02-21 | Mcafee, Inc. | Agent assisted malicious application blocking in a network environment |
US9773376B2 (en) | 2013-12-18 | 2017-09-26 | Bally Gaming, Inc. | System and method for using casino-printed tickets to play casino on-line games |
US20150287033A1 (en) * | 2014-04-03 | 2015-10-08 | Mastercard International Incorporated | Methods and systems for testing success of remote personalization |
US10262357B2 (en) * | 2014-05-01 | 2019-04-16 | Igot It!, L.L.C. | Systems, methods and processes for conducting and/or completing one or more computer-implemented auctions in real-time |
US9762657B2 (en) * | 2014-06-17 | 2017-09-12 | International Business Machines Corporation | Authentication of mobile applications |
US9509853B2 (en) | 2014-12-01 | 2016-11-29 | T-Mobile Usa, Inc. | SIP IMS call forking to multiple associated devices |
JP6496628B2 (en) * | 2015-07-23 | 2019-04-03 | Kddi株式会社 | Subscriber identifier registration method, application server, program and apparatus |
US10417867B2 (en) | 2015-09-25 | 2019-09-17 | Igt | Gaming system and method for automatically transferring funds to a mobile device |
US20170092054A1 (en) | 2015-09-25 | 2017-03-30 | Igt | Gaming system and method for utilizing a mobile device to fund a gaming session |
CN105871910B (en) * | 2016-05-31 | 2020-01-10 | 宇龙计算机通信科技(深圳)有限公司 | eSIM joint registration method and related equipment and system |
US9769671B1 (en) * | 2016-06-13 | 2017-09-19 | T-Mobile Usa, Inc. | Securing identities of chipsets of mobile devices |
US10217317B2 (en) | 2016-08-09 | 2019-02-26 | Igt | Gaming system and method for providing incentives for transferring funds to and from a mobile device |
US10916090B2 (en) | 2016-08-23 | 2021-02-09 | Igt | System and method for transferring funds from a financial institution device to a cashless wagering account accessible via a mobile device |
US10621824B2 (en) | 2016-09-23 | 2020-04-14 | Igt | Gaming system player identification device |
CN108702705B (en) * | 2017-02-22 | 2021-04-09 | 华为技术有限公司 | Information transmission method and equipment |
US10332344B2 (en) | 2017-07-24 | 2019-06-25 | Igt | System and method for controlling electronic gaming machine/electronic gaming machine component bezel lighting to indicate different wireless connection statuses |
US10380843B2 (en) | 2017-08-03 | 2019-08-13 | Igt | System and method for tracking funds from a plurality of funding sources |
US10373430B2 (en) | 2017-08-03 | 2019-08-06 | Igt | System and method for tracking fund transfers between an electronic gaming machine and a plurality of funding sources |
US10360763B2 (en) | 2017-08-03 | 2019-07-23 | Igt | System and method for utilizing a mobile device to facilitate fund transfers between a cashless wagering account and a gaming establishment retail account |
US10360761B2 (en) | 2017-08-03 | 2019-07-23 | Igt | System and method for providing a gaming establishment account pre-approved access to funds |
US10643426B2 (en) | 2017-12-18 | 2020-05-05 | Igt | System and method for providing a gaming establishment account automatic access to funds |
US11341817B2 (en) | 2017-12-18 | 2022-05-24 | Igt | System and method for providing awards for utilizing a mobile device in association with a gaming establishment retail account |
US11922765B2 (en) | 2017-12-18 | 2024-03-05 | Igt | System and method employing virtual tickets |
US10950088B2 (en) | 2017-12-21 | 2021-03-16 | Igt | System and method for utilizing virtual ticket vouchers |
US11043066B2 (en) | 2017-12-21 | 2021-06-22 | Igt | System and method for centralizing funds to a primary gaming establishment account |
US10970968B2 (en) | 2018-04-18 | 2021-04-06 | Igt | System and method for incentivizing the maintenance of funds in a gaming establishment account |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1550930A1 (en) * | 2003-12-15 | 2005-07-06 | Mobile Integrated Solutions Limited | A method for restraining the re-distribution of licensed data in a digital mobile environment |
WO2005084107A2 (en) * | 2004-02-23 | 2005-09-15 | So Near | Method and device using a sim card device |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2398707B (en) * | 2003-02-21 | 2005-03-30 | Schlumberger Holdings | Authentication method for enabling a user of a mobile station to access to private data or services |
WO2006034399A2 (en) * | 2004-09-21 | 2006-03-30 | Snapin Software Inc. | Secure software execution such as for use with a cell phone or mobile device |
US7634262B1 (en) * | 2006-03-07 | 2009-12-15 | Trend Micro, Inc. | Virus pattern update for mobile device |
FI120480B (en) * | 2006-05-15 | 2009-10-30 | Software Cellular Network Ltd | A method and system for configuring a user equipment |
KR101376883B1 (en) * | 2007-03-05 | 2014-03-21 | 엘지전자 주식회사 | Notification message moving method and terminal |
-
2006
- 2006-09-14 EP EP20060254775 patent/EP1901192A1/en not_active Ceased
-
2007
- 2007-08-08 WO PCT/GB2007/003005 patent/WO2008032010A2/en active Application Filing
- 2007-08-08 EP EP20070789139 patent/EP2062457B1/en active Active
- 2007-08-08 US US12/440,631 patent/US9047444B2/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1550930A1 (en) * | 2003-12-15 | 2005-07-06 | Mobile Integrated Solutions Limited | A method for restraining the re-distribution of licensed data in a digital mobile environment |
WO2005084107A2 (en) * | 2004-02-23 | 2005-09-15 | So Near | Method and device using a sim card device |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11520864B2 (en) | 2006-06-02 | 2022-12-06 | The Nielsen Company (Us), Llc | Digital rights management systems and methods for audience measurement |
EP2308211A1 (en) * | 2008-06-25 | 2011-04-13 | Mobiclip | Method of authenticating a user of a service on a mobile terminal |
AP3366A (en) * | 2008-09-19 | 2015-07-31 | Knowledge Farm Investiments Cc | A method of communicating with a wireless device |
US8229505B2 (en) | 2008-11-27 | 2012-07-24 | Nokia Corporation | Method and apparatus for storing a software license |
GB2465769A (en) * | 2008-11-27 | 2010-06-02 | Symbian Software Ltd | Method and apparatus relating to licenses necessary for the operation of a software application on a mobile terminal |
CN101646195B (en) * | 2009-09-03 | 2012-05-23 | 中兴通讯股份有限公司 | Method and device for detecting UMTS terminal |
CN101895844B (en) * | 2010-07-15 | 2013-06-05 | 武汉天喻信息产业股份有限公司 | Method for application downloading and installation of communication intelligent card |
CN101895844A (en) * | 2010-07-15 | 2010-11-24 | 武汉天喻信息产业股份有限公司 | Method for application downloading and installation of communication intelligent card |
EP3495974B1 (en) * | 2011-03-30 | 2022-02-16 | Irdeto B.V. | Enabling a software application to be executed on a mobile station |
CN104158977A (en) * | 2011-05-27 | 2014-11-19 | 尼尔森(美国)有限公司 | Methods, systems and apparatus to associate a mobile device with a panelist profile |
EP2860994A1 (en) * | 2011-05-27 | 2015-04-15 | The Nielsen Company (US), LLC | Methods and apparatus to associate a mobile device with a panelist profile |
US9220008B2 (en) | 2011-05-27 | 2015-12-22 | The Nielsen Company (Us), Llc | Methods and apparatus to associate a mobile device with a panelist profile |
CN104158977B (en) * | 2011-05-27 | 2017-07-25 | 尼尔森(美国)有限公司 | The mthods, systems and devices of measurement application are conditionally authorized on the mobile apparatus |
WO2016075407A1 (en) * | 2014-11-14 | 2016-05-19 | Oberthur Technologies | Euicc card storing short numbers by subscriber profile to notify a subscription management server |
US10321301B2 (en) | 2014-11-14 | 2019-06-11 | Idemia France | EUICC card memorizing short numbers by subscriber profile to notify a subscription management server |
FR3028705A1 (en) * | 2014-11-14 | 2016-05-20 | Oberthur Technologies | EUICC CARD STORING SHORT NUMBERS PER SUBSCRIBER PROFILE TO NOTIFY SUBSCRIPTION MANAGEMENT SERVER |
WO2017217808A1 (en) * | 2016-06-16 | 2017-12-21 | 주식회사 하렉스인포텍 | Mobile authentication method and system therefor |
US11620650B2 (en) | 2016-06-16 | 2023-04-04 | Harex Infotech Inc. | Mobile authentication method and system therefor |
Also Published As
Publication number | Publication date |
---|---|
US9047444B2 (en) | 2015-06-02 |
US20090328144A1 (en) | 2009-12-31 |
EP2062457B1 (en) | 2014-03-19 |
EP2062457A2 (en) | 2009-05-27 |
WO2008032010A2 (en) | 2008-03-20 |
WO2008032010A3 (en) | 2008-08-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2062457B1 (en) | Mobile application registration | |
CN101167388B (en) | Limited supply access to mobile terminal features | |
US7634280B2 (en) | Method and system for authenticating messages exchanged in a communications system | |
US8413215B2 (en) | System and method for extending secure authentication using unique session keys derived from entropy | |
US7565142B2 (en) | Method and apparatus for secure immediate wireless access in a telecommunications network | |
US8001615B2 (en) | Method for managing the security of applications with a security module | |
EP1758417B1 (en) | Authentication method | |
EP1658718B1 (en) | Method for registration of licensed modules in mobile devices | |
US20070293192A9 (en) | Identification of a terminal to a server | |
RU2411670C2 (en) | Method to create and verify authenticity of electronic signature | |
JP2009515403A (en) | Remote activation of user accounts in telecommunications networks | |
CN103516713A (en) | Facilitating and authenticating transactions | |
EP2186356A1 (en) | Service provider activation | |
WO1999039524A1 (en) | Procedure and system for the processing of messages in a telecommunication system | |
EP1680940B1 (en) | Method of user authentication | |
CN106656992B (en) | Information verification method | |
US20130183934A1 (en) | Methods for initializing and/or activating at least one user account for carrying out a transaction, as well as terminal device | |
RU2354066C2 (en) | Method and system for authentication of data processing system user | |
KR20010010278A (en) | Method of supporting global roaming service and authentication scheme using smart card on mobile communications network | |
US20140040988A1 (en) | Method and System for Data Communication to an Identification Module in a Mobile Radio Terminal | |
US20050102519A1 (en) | Method for authentication of a user for a service offered via a communication system | |
CN100562009C (en) | Be used for from the method for the authentication of wireless device access World Wide Web service | |
EP1895798A1 (en) | Ascertaining the authentication of a roaming subscriber | |
US20100255811A1 (en) | Transmission of messages | |
WO2013095168A1 (en) | Method for transmitting a one-time code in an alphanumeric form |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL BA HR MK YU |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20080115 |